Practice SAP-C02 Continuous Improvement for Existing Solutions questions with full explanations on every answer.
Start practicing
Continuous Improvement for Existing Solutions — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A company is running a web application on AWS using an Application Load Balancer (ALB) in front of an Auto Scaling group of EC2 instances. The application experiences periodic traffic spikes that cause increased latency. The company wants to implement a solution to automatically adjust capacity in anticipation of traffic changes. What should a solutions architect do?
2A company has a monolithic application running on a single Amazon RDS for MySQL DB instance. The application is experiencing performance issues due to heavy read traffic. The company wants to implement a solution that offloads read traffic with minimal application changes. What should a solutions architect do?
3A company is using AWS CloudFormation to deploy infrastructure. The security team requires that all Amazon S3 buckets created by CloudFormation must be encrypted at rest. What should a solutions architect do to enforce this requirement?
4A company runs a containerized application on Amazon ECS with Fargate. The application needs to securely access an Amazon S3 bucket. The company wants to follow the principle of least privilege. What should a solutions architect recommend?
5A company has an AWS Lambda function that processes messages from an Amazon SQS queue. The function is invoked with a batch size of 10. Some messages are failing repeatedly, causing the function to retry them up to the maximum retry count and then they are sent to a dead-letter queue (DLQ). The company wants to improve the resilience of the application by handling partial batch failures more efficiently. What should a solutions architect do?
6A company is using AWS Organizations with multiple accounts. The security team wants to ensure that all Amazon S3 buckets across the organization are encrypted at rest. Which TWO steps should the security team take to enforce this requirement?
7A company is running a critical application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The application needs to process a large batch job that runs once per month and takes 2 hours. The company wants to optimize costs while ensuring the batch job has sufficient capacity. Which THREE steps should a solutions architect recommend?
8A company runs a critical application on EC2 instances behind an Application Load Balancer (ALB) in a production AWS account. Recently, the application has experienced intermittent timeouts. The operations team notices that the CPU utilization of the instances spikes to 100% for a few minutes during the timeouts. The Auto Scaling group is configured with a target tracking scaling policy based on average CPU utilization at 70%. What should a solutions architect do to improve the application's availability and reduce timeouts?
9A company is running a stateful web application on EC2 instances in an Auto Scaling group behind an ALB. The application stores session data locally on the instance. The company notices that users are frequently logged out and lose session data during scaling events. What is the MOST operationally efficient way to preserve session state?
10A company uses AWS CloudFormation to deploy infrastructure. The operations team wants to automatically roll back a stack update if it fails, and receive a notification. What should be configured to meet these requirements?
11A company is running a containerized microservices application on Amazon ECS with Fargate launch type. The application experiences increased latency during peak hours. Upon investigation, the CPU utilization of the tasks reaches 90%. The ECS service is configured with a target tracking scaling policy based on average CPU at 70%. However, scaling is not keeping up with demand. What should a solutions architect do to improve the responsiveness of the scaling?
12A company has a legacy application that runs on a single EC2 instance. The application writes logs to a local file. The company wants to centralize log management without modifying the application code. Which solution is MOST operationally efficient?
13A company is running a web application on EC2 instances in an Auto Scaling group behind an ALB. The application uses an Amazon RDS for MySQL database. Recently, the application has become slow, and the operations team identifies that the database is the bottleneck due to a high number of read queries. Which TWO actions should a solutions architect take to improve read performance? (Choose two.)
14A company is deploying a new application on AWS and wants to implement a least-privilege IAM policy for an EC2 instance that needs to read from an S3 bucket (my-bucket) and write logs to CloudWatch Logs. Which THREE statements should be included in the IAM policy? (Choose three.)
15An IAM policy is attached to a group. A user in the group tries to terminate an EC2 instance in us-east-1 using the AWS CLI. What will happen?
16A solutions architect runs the command shown in the exhibit. Which statement is true about the output?
17A company uses AWS CloudFormation to manage its infrastructure. The operations team reports that stack updates often fail because of resource conflicts. The team wants to improve the reliability of updates without manual intervention. Which solution provides the MOST automated recovery from update failures?
18A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application uses an Amazon RDS MySQL Multi-AZ DB instance. During a recent load test, the application became unresponsive for several minutes. The monitoring shows that the RDS instance CPU utilization spiked to 100% during the test. The application reads and writes to the same database. Which design change would provide the BEST improvement in database scalability and reduce CPU contention?
19A company uses AWS CodePipeline to automate deployments of a microservices application to Amazon ECS. The pipeline builds a Docker image, pushes it to Amazon ECR, and updates the ECS service. Recently, deployments have failed because insufficient IAM permissions cause the pipeline to fail when updating the ECS service. The development team wants to implement least privilege permissions. Which IAM policy statement should be added to the CodePipeline service role to allow it to update the ECS service?
20A company is using an AWS Lambda function to process records from an Amazon Kinesis stream. The function stores results in an Amazon DynamoDB table. The team notices that the Lambda function sometimes fails due to throttling from DynamoDB. Which TWO actions should the team take to improve the continuous processing of records? (Choose TWO.)
21An e-commerce company runs its application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application uses an Amazon Aurora MySQL DB cluster with one writer and two reader instances. During a sales event, the database CPU utilization is high, and read replicas show high replica lag. The company needs to improve the read scalability and reduce replica lag. Which THREE actions should the company take? (Choose THREE.)
22A company runs a critical web application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The application stores session state in an Amazon ElastiCache for Redis cluster. Recently, the operations team noticed that during traffic spikes, the ALB returns 5xx errors and the application becomes slow. CloudWatch metrics show that the Redis cluster's CPU utilization reaches 100% and memory usage is high. The Auto Scaling group scales out, but the new instances take several minutes to warm up and become healthy. The company needs to improve the application's ability to handle traffic spikes with minimal impact on performance. Which solution should the company implement?
23A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application experiences intermittent latency spikes. The operations team has enabled detailed CloudWatch metrics and EC2 instance status checks. The team needs to identify the root cause of the latency. Which TWO actions should the team take to diagnose the issue? (Choose two.)
24Refer to the exhibit. A company uses this IAM policy to allow an automation script to manage Amazon EBS snapshots. The script runs on an EC2 instance with this attached IAM role. The script is failing when trying to create a snapshot from a volume and tag it. The error message indicates an authorization failure. What is the root cause?
25A company runs a containerized microservices application on Amazon ECS with Fargate launch type. The application consists of a frontend service and a backend service. The backend service is CPU-intensive and experiences high load during business hours. The operations team observes that the frontend service sometimes returns 503 errors during peak load. The team has already configured an ECS service auto scaling policy for the backend service based on average CPU utilization with a target value of 70%. The backend service is currently running 4 tasks, and the frontend is running 2 tasks. The errors seem to correlate with the backend scaling up. Which solution should the team implement to improve the application's performance and reduce errors?
26Drag and drop the steps to troubleshoot an EC2 instance that is unreachable via SSH in the correct order.
27Drag and drop the steps to deploy a serverless application using AWS SAM in the correct order.
28Match each AWS database service to its characteristic.
29Match each AWS monitoring and logging service to its capability.
30A company uses AWS Lambda to process incoming messages from an SQS queue. The Lambda function is triggered by SQS and processes messages in batches of 10. Recently, the number of messages has increased significantly, and some messages are being processed multiple times. What should a solutions architect do to ensure exactly-once processing?
31A company runs a web application on Amazon ECS with Fargate launch type behind an Application Load Balancer. The application stores session state in a local file system on the container. Users report that they are frequently logged out and lose session data. What is the most likely cause?
32A company has a production AWS account with multiple VPCs connected via a transit gateway. The security team wants to centrally capture all VPC flow logs for analysis in Amazon Athena. What is the MOST cost-effective way to store the flow logs?
33A company uses AWS CloudFormation to deploy infrastructure. They have a stack that creates an Amazon RDS for MySQL database. The stack creation fails with the error 'The following resource(s) failed to create: [DBInstance]'. The solutions architect needs to troubleshoot the issue. Which approach should be taken first?
34A company uses Amazon ElastiCache for Redis to cache frequently accessed data. The cache cluster is a single node (cache.r5.large). Over time, the cache hit ratio has decreased, and the CPU utilization is consistently above 80%. What should a solutions architect do to improve performance?
35A company is using Amazon S3 to store critical data. The security team requires that all data at rest be encrypted using AWS KMS with automatic rotation of the customer master key (CMK) every year. What should a solutions architect do to meet this requirement?
36A company runs a stateful web application on EC2 instances behind an Application Load Balancer. The application stores session data locally on the instances. The company wants to improve availability and scalability. What should a solutions architect recommend?
37A company uses Amazon DynamoDB with provisioned capacity for a critical workload. They notice that write requests are being throttled during peak hours. The table has a partition key of 'user_id' and a sort key of 'timestamp'. The access pattern is evenly distributed. What should a solutions architect do to reduce throttling?
38A company is using AWS CloudTrail to log all API activity. The security team wants to be alerted when an IAM user creates a new access key. What is the simplest way to achieve this?
39A company runs a web application on Amazon ECS with Fargate launch type. The application uses an Application Load Balancer. The operations team notices that the ALB returns 503 errors during peak traffic. Which TWO actions should the solutions architect take to resolve this issue?
40A company is using an AWS Lambda function to process files uploaded to an S3 bucket. The function is written in Python and uses the boto3 library to read the files. Recently, some files have been processed multiple times. Which TWO measures should a solutions architect implement to ensure idempotent processing?
41A company is using Amazon RDS for PostgreSQL with Multi-AZ deployment. The database experiences high write latency during peak hours. The solutions architect suggests using an RDS read replica to offload read traffic. Which THREE steps are necessary to implement this solution?
42A company uses cross-account S3 access. The above IAM policy is attached to an IAM user in Account A. The user tries to upload an object to a bucket in Account B, but the upload fails. What is the MOST likely reason?
43A solutions architect runs the above commands for an EC2 instance. The instance state is 'running' but the system status is 'impaired'. What should the solutions architect do to restore the instance?
44A solutions architect deployed the above CloudFormation template. However, the Lambda function is not triggered when objects are uploaded to the S3 bucket. What is the most likely cause?
45A company runs a critical web application on EC2 instances behind an Application Load Balancer. The instances are in an Auto Scaling group with a dynamic scaling policy based on average CPU utilization. After a recent deployment, users report intermittent timeouts. CloudWatch metrics show CPU utilization spikes to 90% before scaling out, but the new instances take 5 minutes to become healthy. What is the MOST effective solution to reduce timeouts during traffic spikes?
46A company uses AWS Lambda to process files uploaded to an S3 bucket. The Lambda function writes results to a DynamoDB table. Over time, the function's execution time has increased, and some operations fail with ProvisionedThroughputExceededException. The function is configured with 1024 MB memory and a 5-minute timeout. The DynamoDB table has 1000 RCUs and 500 WCUs. The Lambda function performs reads and writes on the same table. What is the MOST cost-effective way to resolve the throttling without sacrificing performance?
47A DevOps engineer notices that a CloudFormation stack update fails with the error: 'UPDATE_ROLLBACK_FAILED'. The stack is in a state where some resources were updated, but others failed to update. The engineer needs to fix the stack and complete the update. What should the engineer do FIRST?
48A company uses AWS CodePipeline to deploy a web application to an Elastic Beanstalk environment. The deployment pipeline includes a source stage, a build stage using CodeBuild, and a deploy stage. Recently, deployments have been failing in the deploy stage with the error: 'The environment is in an invalid state for this operation.' The developer confirms the build artifacts are correct. What is the MOST likely cause?
49A financial services company has a multi-account AWS Organization with hundreds of accounts. The security team needs to ensure that all S3 buckets across the organization are encrypted at rest and that no public read access is allowed. They want a solution that automatically remediates non-compliant buckets in real time. What is the MOST scalable and operationally efficient approach?
50A company is using AWS CloudFormation to manage infrastructure. The operations team wants to be notified when a stack operation fails. Which approach is the MOST efficient?
51A company runs a stateful web application on EC2 instances in an Auto Scaling group. The application uses a shared EFS file system for persistent data. The operations team notices that during scale-in events, some requests fail because the instance is terminated while still processing. What is the BEST way to prevent request failures during scale-in?
52A company runs a critical application on Amazon ECS Fargate. The application uses an Application Load Balancer as the front end. Recently, the application experienced a spike in traffic, and many tasks were marked as unhealthy and replaced. The team wants to improve resilience to traffic spikes without over-provisioning. What should the team do?
53A company is using Amazon S3 to store sensitive data. The security team requires that all data be encrypted at rest using server-side encryption with AWS KMS. The company also needs to ensure that any attempt to upload an unencrypted object is blocked. How can the company enforce this requirement?
54A company runs a web application on EC2 instances in an Auto Scaling group. The application writes logs to local instance storage. The operations team wants to centralize log analysis using Amazon CloudWatch Logs. The team needs a solution that is resilient to instance failures and does not lose logs. Which TWO options should the team implement? (Choose TWO.)
55A company uses AWS CodeBuild to compile and test code. The build process takes a long time because dependencies are downloaded from the internet each time. The company wants to speed up the build process. Which TWO actions should the company take? (Choose TWO.)
56A company runs a microservices architecture on Amazon ECS with Fargate. The operations team observes that some services are experiencing high latency during peak hours. The team wants to identify the root cause. Which THREE approaches should the team use? (Choose THREE.)
57A company uses Amazon S3 to store critical data. They need to ensure that data is automatically replicated to another AWS Region for disaster recovery. Which configuration meets this requirement with minimal operational overhead?
58A company is migrating from a monolithic application to microservices on AWS. They need to reduce the blast radius of failures. Which architecture pattern should they implement?
59A DevOps engineer notices that an EC2 instance's CPU utilization is consistently above 90%. They need to optimize costs without affecting performance. What should they do?
60A company runs a web application on a single EC2 instance. They want to improve availability and fault tolerance with minimal architectural changes. What should they do?
61A company uses Amazon RDS for MySQL with Multi-AZ deployment. During a recent failover, they experienced a few minutes of downtime because the application's connection string pointed to the primary instance DNS name. What is the MOST effective solution to minimize downtime during failover?
62A company stores sensitive data in Amazon S3. They need to ensure that data is encrypted at rest using a key managed by the company's on-premises hardware security module (HSM). Which S3 encryption option should they use?
63A company has a production AWS Lambda function that processes orders. The function's execution time has increased, causing timeouts. The team wants to troubleshoot without affecting production traffic. What should they do?
64A company runs a stateless web application on EC2 instances behind an Application Load Balancer (ALB). During peak traffic, some instances become unhealthy and are replaced by Auto Scaling, but users experience errors. What is the MOST likely cause?
65A company wants to automatically enforce encryption on all new objects uploaded to an S3 bucket. What should they do?
66A company runs a critical application on EC2 instances in an Auto Scaling group. They want to ensure that during a patching cycle, the application remains available and no requests are dropped. Which TWO strategies should they implement? (Choose TWO.)
67A company is building a serverless application using AWS Lambda, Amazon API Gateway, and Amazon DynamoDB. They want to improve performance and reduce costs. Which THREE actions should they take? (Choose THREE.)
68A company has an Amazon RDS for PostgreSQL database that is experiencing high CPU utilization due to a large number of read queries. They need to offload read traffic and improve performance. Which TWO actions should they take? (Choose TWO.)
69A company uses an Application Load Balancer (ALB) to distribute traffic to an Auto Scaling group of EC2 instances. The operations team notices that the ALB is returning a high number of 504 errors during peak hours. Which configuration change is MOST likely to reduce the 504 errors?
70A company runs a critical web application on EC2 instances behind an ALB. The application stores session data in an ElastiCache Redis cluster. During a recent outage, the Redis cluster failed and all active sessions were lost, causing users to be logged out. Which solution would provide the HIGHEST availability for session data?
71A company has a microservices architecture running on Amazon ECS with Fargate. Each service writes logs to CloudWatch Logs. The operations team needs to search across all logs for a specific error pattern. Currently, they manually query each log group, which is time-consuming. What is the MOST efficient way to enable centralized log search?
72A company uses AWS Lambda to process events from an Amazon SQS queue. The Lambda function is invoked with a batch size of 10. Recently, the function started failing with timeout errors when processing large batches. Which solution would improve the reliability of event processing without losing messages?
73A company runs a static website on Amazon S3 behind Amazon CloudFront. The website uses a custom domain and SSL certificate from AWS Certificate Manager (ACM). Users report that they sometimes see an older version of the website after updates. What should the company do to ensure users always see the latest content?
74A company has a data pipeline that uses AWS Glue to process large datasets in Amazon S3. The pipeline runs daily and takes over 12 hours to complete. The company wants to reduce the processing time. Which approach would be MOST effective?
75A company uses Amazon RDS for MySQL for its database. The operations team notices that read queries are slow during peak hours. The application is read-heavy and can tolerate eventual consistency. Which solution would improve read performance with minimal application changes?
76A company runs a containerized application on Amazon ECS with Fargate. The application needs to access an Amazon S3 bucket that contains sensitive data. The security team requires that all traffic between the ECS tasks and S3 remain within the AWS network and not traverse the internet. What is the MOST secure way to meet this requirement?
77A company uses AWS CloudFormation to manage infrastructure. A recent stack update failed because a resource exceeded a service quota. The team wants to be notified proactively when service limits are approaching. Which solution meets this requirement?
78A company runs a web application on EC2 instances behind an ALB. The application uses an Amazon Aurora MySQL database. The operations team notices that the database CPU utilization is consistently above 80% during business hours. The team needs to reduce database load without changing the application code. Which TWO actions should the team take? (Select TWO.)
79A company uses AWS Organizations to manage multiple accounts. The security team needs to ensure that all S3 buckets across the organization are encrypted at rest. Currently, some buckets are not encrypted. Which THREE steps should the team take to enforce encryption? (Select THREE.)
80A company runs a stateless web application on EC2 instances in an Auto Scaling group. The application occasionally receives traffic spikes that cause the Auto Scaling group to launch new instances. However, the new instances take several minutes to become healthy, causing a temporary performance degradation. Which TWO actions would improve the scaling responsiveness? (Select TWO.)
81A company runs a web application on EC2 instances behind an Application Load Balancer. Users report intermittent slowdowns. CloudWatch metrics show high CPU utilization on the instances. The company wants to improve performance with minimal architectural changes. What should a solutions architect do?
82A company has a legacy monolithic application running on a single EC2 instance. The application stores customer data in an attached EBS volume. The company wants to modernize the application to improve scalability and availability. Which approach should a solutions architect recommend?
83A solutions architect notices that an Auto Scaling group's instances are continuously being terminated and replaced. CloudWatch logs show that health checks are failing due to high memory usage. The instances run a memory-intensive application. What should the architect do to improve stability?
84A company is using Amazon S3 to store critical data and needs to ensure that objects are automatically deleted after 30 days. The current lifecycle policy is configured to expire objects after 30 days, but objects are not being deleted. What is the most likely cause?
85A company runs a production database on Amazon RDS for PostgreSQL. The database experiences high write latency during peak hours. The company wants to improve write performance with minimal cost. Which action should a solutions architect take?
86A company is using Amazon CloudFront to deliver content to users worldwide. The origin is an S3 bucket. Users in some regions experience high latency. What is the most effective way to reduce latency?
87A company is running a stateful web application on EC2 instances in an Auto Scaling group. Users report that their sessions are lost when instances are terminated during scale-in. What should a solutions architect do to preserve session state?
88A company is migrating a legacy application to AWS. The application requires a fixed IP address for whitelisting by a third-party service. The application will run on EC2 instances behind an Application Load Balancer. The company needs a solution that provides a static IP address for outbound traffic. What should a solutions architect do?
89A company uses AWS CloudFormation to deploy infrastructure. A recent change to a stack failed because an IAM role name already exists. The company wants to avoid this issue in the future. What should a solutions architect do?
90A company has a web application running on EC2 instances in an Auto Scaling group. The application experiences unpredictable traffic spikes. The company wants to ensure that the application can scale out quickly and scale in to reduce costs. Which TWO actions should the solutions architect recommend?
91A company runs a critical application on Amazon ECS with Fargate launch type. The application needs to be highly available across multiple Availability Zones. The company wants to implement blue/green deployments to minimize downtime. Which THREE steps should the solutions architect take?
92A company stores sensitive data in an S3 bucket. The security team requires that all data be encrypted at rest and that the encryption keys be rotated automatically every year. The company also needs to audit who accessed the key and when. Which THREE services should the solutions architect use to meet these requirements?
93A solutions architect applies the IAM policy shown in the exhibit to an IAM user. The user attempts to upload an object to the S3 bucket 'my-bucket' without specifying the 'x-amz-server-side-encryption' header. What will happen?
94A solutions architect runs the AWS CLI command shown in the exhibit to troubleshoot a failed CloudFormation stack creation. What is the most likely cause of the failure?
95A solutions architect deployed an AWS Lambda function using a deployment package. The function logs the error shown in the exhibit. What is the most likely cause?
96A company is using AWS Lambda functions to process data from an SQS queue. The Lambda function sometimes fails due to transient errors, but the messages are not being retried. Which configuration should the company check to ensure proper retry behavior?
97A company uses Amazon RDS for MySQL with Multi-AZ deployment. During a recent failover, the application experienced a 5-minute downtime. The application uses a connection pool with a 30-second connection timeout. The RDS DNS name is used as the endpoint. What is the MOST likely cause of the downtime?
98A company has deployed a web application behind an Application Load Balancer (ALB) with an Auto Scaling group. Users report that the application is slow during peak hours. The CPU utilization of the EC2 instances is consistently below 40%, but the ALB's request count per target is high. Which action would MOST improve performance?
99A company uses Amazon CloudFront with an S3 origin to serve static content. They recently updated the content in S3, but users still see the old files. What is the MOST likely reason?
100A company runs a containerized application on Amazon ECS with Fargate launch type. The application needs to access an S3 bucket. The ECS task role has the necessary S3 permissions. However, the application is unable to upload files to S3. What is the MOST likely cause?
101A company uses AWS CloudFormation to deploy infrastructure. They want to update a stack but need to ensure that a specific resource is not accidentally replaced. Which CloudFormation attribute should they use?
102A company uses Amazon DynamoDB with on-demand capacity. They notice that a specific table frequently exceeds the write throughput limit and experiences throttling. The table has a partition key with high cardinality. What is the MOST likely cause of throttling?
103A company uses AWS Elastic Beanstalk to deploy a web application. They want to update the environment's configuration to use a larger instance type without any downtime. Which update policy supports this?
104A company uses Amazon RDS for PostgreSQL and needs to apply a minor version upgrade. They want to minimize downtime. Which approach should they use?
105A company is using AWS CodePipeline to automate deployments. They want to add a manual approval step before deploying to production. Which TWO actions are required?
106A company is migrating a monolithic application to microservices on Amazon ECS. They want to implement a service mesh for observability and traffic management. Which THREE AWS services should they consider?
107A company uses Amazon S3 to store critical data. They need to ensure that data is encrypted at rest. Which TWO methods can achieve this?
108Refer to the exhibit. An IAM policy is attached to a user. The user attempts to upload an object to example-bucket with SSE-S3 (AES256) encryption. What will happen?
109Refer to the exhibit. A solutions architect runs the AWS CLI command to check the state of an EC2 instance. The output shows the instance is running. However, the application team reports that the instance is unreachable over SSH. What is the MOST likely cause?
110Refer to the exhibit. A CloudFormation template is used to create an S3 bucket with versioning enabled and a DeletionPolicy of Retain. The stack is deleted. What happens to the bucket and its objects?
111A company runs a web application on EC2 instances behind an Application Load Balancer (ALB). Users report intermittent 503 errors. The ALB target group health checks are failing. Which step is MOST likely to resolve the issue?
112A company uses AWS CloudFormation to deploy a multi-tier application. The stack fails to update due to a resource conflict. The operations team needs to identify the resource causing the failure and modify the template to allow the update. Which approach is MOST effective?
113A company wants to reduce costs for its Amazon RDS for MySQL database without affecting performance. The database is used by a read-intensive application. Which action should the company take?
114A company has a serverless application using AWS Lambda and Amazon API Gateway. The application experiences cold starts that cause latency spikes. Which solution would reduce the impact of cold starts?
115A company has a hybrid architecture with an AWS Direct Connect connection to its on-premises data center. The company wants to improve network availability and ensure that if the Direct Connect fails, traffic automatically uses a VPN backup. Which configuration should the company implement?
116A DevOps team wants to automatically enforce tagging standards on all AWS resources created in an account. If a resource is created without the required tags, the team wants to prevent the creation or remediate it. Which AWS service should the team use?
117A company runs a containerized application on Amazon ECS with Fargate launch type. The application experiences intermittent timeouts when calling an external API. The ECS tasks are in a private subnet with a NAT gateway. How can the company improve the reliability of outbound traffic?
118A company receives a Trusted Advisor recommendation to reduce costs by deleting unused Amazon EBS snapshots. The company has hundreds of snapshots. Which approach should the company use to identify and delete snapshots that are no longer needed?
119A company uses Amazon S3 to store critical data. The company wants to ensure that data is protected against accidental deletion and that deleted objects can be recovered within 30 days. Which S3 feature should the company enable?
120A company is migrating a legacy application to AWS. The application requires static IP addresses for whitelisting by external partners. The company will use a Network Load Balancer (NLB) to distribute traffic to EC2 instances. Which TWO actions should the company take to provide static IP addresses for the partners to whitelist?
121A company has a production AWS account with multiple VPCs connected via a Transit Gateway. The security team wants to centrally inspect all traffic between VPCs using a third-party firewall appliance. The firewall must be able to process traffic, and the solution must be highly available. Which THREE steps should the company take?
122A company is using AWS Organizations to manage multiple accounts. The security team wants to enforce that no S3 buckets in any account are publicly accessible. Which TWO services can the team use to achieve this?
123Refer to the exhibit. An IAM policy is attached to an IAM group. When a user in the group tries to start a stopped EC2 instance with the tag 'Environment: production', the action fails. What is the MOST likely reason?
124Refer to the exhibit. A CloudFormation stack was successfully created. The stack's template includes an S3 bucket and a Lambda function. A developer runs the CLI command shown but receives an error that the stack does not exist. What is the MOST likely cause?
125Refer to the exhibit. A company has an Amazon ECS task definition with two containers. The 'web' container is essential, and the 'sidecar' container is not. The 'sidecar' container exits unexpectedly. What will happen to the task?
126A company runs a production web application on EC2 instances in an Auto Scaling group behind an ALB. The application logs are stored on an EBS volume attached to each instance. The operations team notices that the logs are not being sent to a central location. What is the MOST efficient way to centralize log collection with minimal code changes?
127A company has a multi-account AWS organization with hundreds of accounts. The security team wants to ensure that all accounts have AWS Config enabled with a specific set of rules. They also want to automatically remediate non-compliant resources. Which solution is MOST scalable and operationally efficient?
128A company is using Amazon ECS with Fargate launch type for a microservices application. The application experiences intermittent latency spikes. CloudWatch metrics show high CPU utilization but no obvious pattern. What should the company do to identify the cause?
129A company is using AWS CodePipeline to build and deploy a Java application to Elastic Beanstalk. Recently, deployments have been failing due to unit test failures in the build stage. The team wants to receive immediate notifications when a pipeline fails. What is the MOST efficient way to achieve this?
130A company runs a critical database on an RDS for MySQL Multi-AZ DB instance. The database is experiencing high read latency. The application is read-heavy and uses many complex joins. The company needs to improve read performance with minimal application changes. Which solution is MOST appropriate?
131A company uses Amazon S3 to store sensitive customer data. The security team requires that all data be encrypted at rest using server-side encryption with a customer-managed key (SSE-KMS). What is the MOST secure way to enforce this requirement across all S3 buckets?
132A company is running a batch processing job on an EC2 instance that processes data from an S3 bucket and writes results to another S3 bucket. The job runs once per hour and takes about 20 minutes. The company wants to optimize costs by only paying for compute time when the job is running. Which solution is MOST cost-effective?
133A company has a legacy application that runs on an EC2 instance with a single EBS volume. The application stores temporary data on a second EBS volume that is attached to the instance. The company wants to improve durability of the temporary data without increasing costs significantly. What should the company do?
134A company is using Amazon CloudFront to deliver static content from an S3 bucket. The company wants to ensure that users can only access content through CloudFront and not directly from the S3 bucket. What should the company do?
135A company is deploying a web application on EC2 instances behind an Application Load Balancer. The application experiences high traffic during business hours and low traffic at night. The company wants to automatically scale the instances based on CPU utilization. Which TWO steps are required to achieve this?
136A company runs a containerized microservices application on Amazon EKS. The operations team notices that some pods are frequently being evicted due to resource constraints. The team wants to improve resource utilization and reduce evictions. Which TWO actions should the team take? (Choose two.)
137A company uses AWS CodeCommit to store source code and CodePipeline for CI/CD. The pipeline includes a build stage using CodeBuild and a deploy stage to Elastic Beanstalk. The team wants to add a manual approval step before deployment to production. Which THREE resources are needed? (Choose three.)
138A company applies the above IAM policy to an IAM user. The user attempts to upload an object to my-bucket using the AWS CLI with the command: aws s3 cp file.txt s3://my-bucket/. What is the outcome?
139A security engineer runs the above command to list network interfaces attached to security group sg-12345678. The engineer notices that instance i-0a1b2c3d4e5f67890 has two network interfaces but only one is shown in the output. What is the MOST likely reason?
140A company deploys the above CloudFormation template. After creation, they upload a file to the bucket and then delete it. What happens to the deleted object after 30 days?
141A company uses AWS Lambda functions to process events from Amazon S3. They notice that some Lambda invocations are failing with 'ResourceNotFoundException' errors when trying to write to an Amazon DynamoDB table. The Lambda execution role has a policy that grants dynamodb:PutItem on the table. What is the most likely cause of these errors?
142A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). They have configured an Auto Scaling group with a dynamic scaling policy based on CPU utilization. During a traffic spike, the Auto Scaling group launches new instances, but users report slow response times. What should the company do to improve the scaling responsiveness?
143A company is migrating a legacy monolithic application to AWS. They plan to use Amazon ECS with Fargate for containerized microservices. The application requires sticky sessions and SSL termination. What should the company use to meet these requirements?
144A company has a stateful web application running on Amazon EC2 instances. They want to implement blue/green deployments to reduce downtime. Which TWO actions should the company take? (Choose TWO.)
145A company runs a critical application on Amazon RDS for MySQL. They want to implement a disaster recovery (DR) strategy across AWS Regions with a Recovery Point Objective (RPO) of 1 second and Recovery Time Objective (RTO) of 1 minute. Which TWO strategies meet these requirements? (Choose TWO.)
146A company is using AWS CloudFormation to deploy infrastructure. They want to ensure that updates to a stack do not cause downtime for a critical web application. Which THREE strategies should they consider? (Choose THREE.)
147A company has an IAM policy attached to a user. When the user tries to stop an EC2 instance using the AWS CLI, they receive an 'AccessDenied' error. The instance is tagged with 'Environment=Production'. What is the most likely cause?
148A developer notices that CloudWatch Logs for a Lambda function show no logs after a recent deployment. The function is invoked successfully. What is the most likely cause?
149A company uses this CloudFormation template to manage an S3 bucket. They notice that old object versions are not being deleted after 30 days. What is the most likely reason?
150A company uses Amazon CloudFront to deliver static content from an S3 bucket. They want to restrict access so that only CloudFront can access the S3 bucket. What configuration should they use?
151A company runs a production database on Amazon RDS for PostgreSQL. They need to perform a major version upgrade with minimal downtime. Which strategy should they use?
152A company is using t3.large instances in an Auto Scaling group. They want to launch instances that support both x86_64 and arm64 architectures. Based on the exhibit, can they meet this requirement with t3.large?
153A company is using AWS CodePipeline to automate deployments. They want to add a manual approval step before deploying to production. How should they configure this?
154A company has an Amazon S3 bucket that stores sensitive data. They want to ensure that all objects in the bucket are encrypted at rest. What should they do?
155A company runs a containerized application on Amazon ECS with Fargate. The application needs to access an Amazon RDS database that is in a private subnet. The ECS tasks are launched in a public subnet. How should they configure network access?
156A company uses AWS Config to record resource changes. The security team wants to be notified when an S3 bucket policy changes to allow public access. What is the most efficient way to achieve this?
157A company runs a production AWS Lambda function that processes orders. Recently, the function has been timing out occasionally. The function uses a VPC with a single private subnet and has a timeout of 30 seconds. What is the MOST likely cause of the timeout?
158A company uses Amazon RDS for PostgreSQL with Multi-AZ and automated backups set to 35 days. The database experiences a sudden spike in write IOPS, causing performance degradation. The team needs to investigate the cause without affecting production. What should they do?
159A company uses Amazon ECS with Fargate launch type for a web application. During deployments, the new tasks fail health checks and the deployment rolls back. What should the team do to identify why the new tasks are failing?
160A company uses AWS CloudFormation to deploy infrastructure. A stack update fails with a resource update failure. The team wants to investigate the specific error without rolling back the stack. What is the BEST approach?
161A company uses Amazon API Gateway with a Lambda authorizer to control access to its APIs. Recently, some requests are returning 401 Unauthorized errors even though the tokens are valid. The Lambda authorizer logs show that the function is invoked and returns an IAM policy. What is the MOST likely cause?
162A company uses Amazon S3 to store sensitive data. The security team requires that all S3 buckets have server-side encryption enabled. How can the company enforce this across all existing and future buckets?
163A company uses Amazon CloudFront to serve static content from an S3 bucket. Users in Europe report slow load times. The CloudFront distribution uses the default cache behavior. What is the MOST cost-effective improvement?
164A company runs a stateful web application on EC2 instances behind an Application Load Balancer (ALB). The application uses WebSockets for real-time communication. During scale-in events, users experience disconnections. How can the company maintain WebSocket connections during scaling?
165A company uses Amazon DynamoDB for a gaming application. The table has a partition key of 'user_id' and a sort key of 'game_id'. The application experiences high latency during peak hours. Which TWO actions would improve read performance?
166A company uses AWS Lambda to process messages from an Amazon SQS queue. The Lambda function is idempotent and processes each message in about 30 seconds. The SQS queue has a visibility timeout of 60 seconds. Recently, the team notices that the same messages are being processed multiple times. Which TWO actions should the team take to prevent duplicate processing?
167A company is designing a new microservices architecture on Amazon ECS with Fargate. The company wants to ensure that services can discover each other using DNS names. Which THREE components are required?
168Refer to the exhibit. An S3 bucket policy is shown. A user from IP 10.0.0.5 makes a GET request over HTTPS. Will the request succeed?
169Refer to the exhibit. An EC2 instance in subnet-11111 (10.0.1.0/24) cannot access the internet. The route table for the subnet is shown. What is the MOST likely cause?
170Refer to the exhibit. An AWS Lambda function logs the error above. The function uses the AWS SDK to call an Amazon DynamoDB table. What is the MOST likely cause?
171A company uses AWS Lambda functions to process orders. Recently, some orders have been lost due to Lambda throttling. The operations team wants to implement a solution to capture failed invocations and retry them. What is the MOST reliable approach?
172A media company runs a video transcoding pipeline on AWS using Amazon EC2 Spot Instances. The pipeline uses a custom AMI with pre-installed software. The operations team notices that the latest AMI is not always used when new instances launch, causing inconsistent transcoding results. What should the team do to ensure that all new Spot Instances use the latest AMI?
173A company is using Amazon RDS for MySQL and needs to capture slow query logs for performance tuning. The logs must be stored for 30 days for analysis. What is the MOST cost-effective way to achieve this?
174A company runs a critical application on EC2 instances behind an Application Load Balancer. The security team requires that all traffic to the application be encrypted in transit and that the load balancer use a certificate from AWS Certificate Manager (ACM). The application currently uses HTTP. What should the company do to meet the security requirement?
175A company runs a containerized application on Amazon ECS using Fargate. The application experiences intermittent high latency during peak hours. The operations team suspects that the task placement strategy is causing resource contention. The cluster uses the default binpack strategy. What should the team do to improve performance?
176A company uses Amazon S3 to store sensitive data. The security team requires that all objects be encrypted at rest. The company currently uses server-side encryption with S3-managed keys (SSE-S3). The security team wants to ensure that only authorized users can access the decryption keys. What should the company do?
177A company runs a web application on EC2 instances in an Auto Scaling group. The application receives a variable workload. The company wants to scale based on a custom metric that tracks the number of active users. What is the MOST efficient way to achieve this?
178A company has a legacy application that runs on a single EC2 instance. The application stores data on an attached EBS volume. The company wants to improve availability and reduce the recovery time objective (RTO) in case of instance failure. What should the company do?
179A company uses Amazon CloudWatch Logs to collect application logs. The operations team wants to be notified when a specific error message appears in the logs. What is the SIMPLEST way to achieve this?
180A company runs a web application on EC2 instances behind an Application Load Balancer. The application experiences a sudden spike in traffic. The operations team notices that the Auto Scaling group is not scaling out quickly enough. Which TWO actions should the team take to improve the scaling responsiveness?
181A company runs a critical database on Amazon RDS for PostgreSQL. The database is experiencing performance degradation due to high CPU utilization. The operations team wants to analyze the root cause. Which THREE steps should the team take to diagnose the issue?
182A company uses AWS CloudFormation to deploy infrastructure. The operations team wants to implement a change management process that requires approval before stack updates can proceed. Which TWO approaches can achieve this?
183A company uses AWS Lambda functions behind an Amazon API Gateway REST API. The Lambda functions query an Amazon RDS for PostgreSQL database. Recently, the company has noticed increased latency and occasional timeouts during peak hours. A solutions architect needs to improve the performance and scalability of the database layer. Which solution will meet these requirements with the LEAST operational overhead?
184A company runs a production application on Amazon ECS with Fargate launch type. The application uses an Application Load Balancer (ALB) to distribute traffic to tasks. The company has configured an Auto Scaling target tracking policy based on average CPU utilization. During a marketing campaign, traffic spikes cause the ALB to return 503 errors. The ECS service dashboard shows that the number of tasks scaled out to the maximum allowed but the CPU utilization remained high. What is the MOST likely cause of the 503 errors?
185A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application stores session data locally on the EC2 instances. The company wants to make the application stateless to improve availability and scalability. Which solution should the solutions architect recommend?
186A company has an AWS Lambda function that processes files uploaded to an S3 bucket. The Lambda function has been running successfully for months. Recently, the company updated the Lambda function code and started seeing occasional throttling errors (HTTP 429) from the Lambda service. The function's reserved concurrency is set to 100. The company is unsure why throttling is occurring only after the code update. What is the MOST likely cause?
187A company runs a critical application on Amazon EC2 instances in an Auto Scaling group. The application uses a custom health check that reports instance health to Amazon CloudWatch. The Auto Scaling group is configured with an EC2 health check type. Recently, the company noticed that instances failing the custom health check are not being terminated and replaced. What should the solutions architect do to ensure that instances failing the custom health check are automatically replaced?
188A company uses AWS CloudFormation to deploy infrastructure. The company wants to ensure that if a stack update fails, the stack automatically rolls back to the last known good state. Which CloudFormation stack option should the company configure?
189A company is running a stateful web application on Amazon EC2 instances in an Auto Scaling group. The instances store session data in an Amazon ElastiCache for Redis cluster. The company wants to improve the application's fault tolerance and ensure that session data is not lost if an Availability Zone fails. What should the solutions architect do?
190A company has a monolithic application running on a single Amazon EC2 instance. The application consists of a web server and a backend worker process. The company wants to migrate to a microservices architecture using containers on Amazon ECS with Fargate. The solutions architect needs to design a solution that minimizes downtime during the migration. Which approach should the solutions architect recommend?
191A company has an S3 bucket that stores sensitive data. The company wants to ensure that all objects uploaded to the bucket are encrypted at rest. Which solution should the solutions architect recommend?
192A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application experiences high request latency during peak traffic. A solutions architect discovers that the ALB is not distributing traffic evenly across the instances. The instances have different sizes (t3.large and t3.xlarge). Which TWO actions should the solutions architect take to improve load distribution?
193A company is using AWS CodePipeline to automate deployments of a web application. The pipeline includes a build stage using AWS CodeBuild and a deploy stage using AWS CodeDeploy to an Auto Scaling group. Recently, deployments have been failing during the deploy stage with an error indicating that the target instances are not in a healthy state. The CodeDeploy agent logs show that the agent is running but the application validation scripts are failing. Which THREE actions should the solutions architect take to troubleshoot and resolve the issue?
194A company uses Amazon RDS for MySQL with Multi-AZ deployment. The database experiences high CPU utilization during peak hours. The company wants to reduce the load on the primary database instance without making changes to the application code. Which TWO solutions should the solutions architect recommend?
195A media company runs a video processing pipeline on AWS. The pipeline uses AWS Step Functions to orchestrate multiple AWS Lambda functions. The first Lambda function downloads a video file from an S3 bucket, the second transcodes it using AWS Elemental MediaConvert, and the third uploads the transcoded files to a different S3 bucket. Recently, the pipeline has been failing intermittently with 'State machine execution timed out' errors. The Step Functions execution history shows that the first Lambda function takes up to 25 minutes to complete for large video files. The Step Functions state machine has a default execution timeout of 5 minutes. The company wants to fix the timeout issue without redesigning the entire pipeline. Which solution should the solutions architect recommend?
196A company runs a containerized application on Amazon ECS with Fargate. The application uses an Application Load Balancer (ALB) to distribute traffic. The company has configured a target tracking scaling policy based on average memory utilization. During a traffic spike, the ECS service scales out, but the new tasks are immediately deregistered and replaced. The CloudWatch logs show that the new tasks are failing the ALB health check. The health check is configured to ping the '/health' endpoint on the container. The solutions architect verifies that the application container correctly responds to the '/health' endpoint with a 200 status code. What is the MOST likely cause of the health check failures?
197A financial services company runs a critical application on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones. The application uses an Amazon RDS for MySQL database with Multi-AZ deployment. The company has a recovery time objective (RTO) of 15 minutes and a recovery point objective (RPO) of 1 hour for the database. During a recent disaster recovery drill, the solutions architect simulated an Availability Zone failure by terminating all EC2 instances and the primary RDS instance in one AZ. The Auto Scaling group launched new instances in the other AZ, and the RDS Multi-AZ failover completed in about 2 minutes. However, the application remained unavailable for 30 minutes because the new EC2 instances could not connect to the RDS secondary instance. The security groups are configured correctly. The RDS instance is not publicly accessible. What is the MOST likely cause of the connectivity issue?
198A company runs a web application on EC2 instances behind an Application Load Balancer. Users report intermittent 503 errors. The Auto Scaling group has a minimum of 2 and maximum of 10 instances. CloudWatch metrics show that CPU utilization rarely exceeds 30%. What is the MOST likely cause of the 503 errors?
199A company is migrating a monolithic application to microservices on Amazon ECS. The application uses a legacy database that does not support distributed transactions. The team wants to ensure data consistency across services. Which solution is BEST for achieving eventual consistency with minimal code changes?
200A company is using Amazon RDS for MySQL and wants to minimize downtime during a major version upgrade. Which approach is the MOST effective?
201A company uses AWS CloudFormation to deploy infrastructure. The operations team notices that stack updates frequently fail because of updates to resources that are not supported for updates. What is the BEST way to handle this?
202A company is using Amazon S3 to store sensitive documents. The security team requires that all objects be encrypted at rest using a customer-managed key (CMK) stored in AWS KMS. Additionally, the CMK must be rotated automatically every year. How should the company configure this?
203A company runs a critical application on Amazon EC2 instances in an Auto Scaling group. The application needs to maintain a fixed number of instances and should automatically replace any unhealthy instance. Which scaling policy should be used?
204A company uses Amazon DynamoDB as a data store for a mobile application. The application experiences throttling errors during peak hours. The table has a provisioned read capacity of 5000 RCUs and write capacity of 2000 WCUs. The throttling is on writes. What is the MOST cost-effective solution?
205A company is designing a disaster recovery strategy for a multi-tier application hosted on AWS. The application uses Amazon RDS for MySQL with Multi-AZ deployment. The Recovery Time Objective (RTO) is 15 minutes and Recovery Point Objective (RPO) is 1 hour. Which solution meets these requirements with the LEAST operational overhead?
206A company wants to monitor CPU utilization of their EC2 instances and receive an alert when utilization exceeds 80% for 10 minutes. Which AWS service should be used?
207A company is using Amazon CloudFront to distribute content globally. They want to optimize cost and performance. Which TWO actions are recommended?
208A company is designing a serverless event-driven application using AWS Lambda. The application processes messages from an Amazon SQS queue. The team needs to ensure that messages are processed in order and exactly once. Which THREE steps should be taken?
209A company wants to implement a centralized logging solution for multiple AWS accounts. Which TWO services should be used together?
210A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application uses an Amazon Aurora MySQL database. Recently, the application has become slow during peak hours. The operations team notices that the database CPU utilization is high, but the number of connections is within limits. The application is read-heavy. The team wants to improve performance with minimal changes to the application code. The database is currently a single Aurora instance. Which solution should the team implement?
211A company has a CI/CD pipeline that builds and deploys a containerized application to Amazon ECS Fargate. The pipeline uses AWS CodeBuild to run tests and build Docker images. Recently, the pipeline has been failing intermittently with the error 'CannotPullContainerError: Error response from daemon: manifest for <image> not found'. The image is stored in Amazon ECR. The team suspects the issue is related to image tag inconsistency. The pipeline tags images with the commit hash. Which change will prevent this error?
212A company runs a batch processing job on Amazon EC2 instances that are part of an Auto Scaling group. The job runs every night and takes approximately 2 hours. The instances are launched using a launch template with a Spot Instance request. Recently, the job has been failing because Spot Instances are being reclaimed before the job completes. The company wants a cost-effective solution that ensures the job completes reliably. The job can handle interruptions by checkpointing. Which solution should the company implement?
213A company runs a web application on EC2 instances behind an Application Load Balancer. Users report intermittent 503 errors. CloudWatch logs show the ALB's healthy host count occasionally drops to zero during traffic spikes. Which design change should a solutions architect implement to improve availability?
214A media company uses AWS CloudFront to distribute video content. They notice that some users in Europe experience high latency. CloudFront metrics show low cache hit ratios for European edge locations. The origin is an S3 bucket in us-east-1. What is the MOST effective optimization?
215A company uses AWS Lambda to process events from an SQS queue. The Lambda function has a reserved concurrency of 5. During peak hours, messages are being backed up in the queue. The function's duration is well within the 15-minute limit. What is the fastest way to increase throughput?
216A financial services company runs a critical application on EC2 instances in an Auto Scaling group across multiple Availability Zones. They need to ensure that in the event of a single AZ failure, the application remains available with no data loss. The application uses EBS volumes for persistent storage. What should a solutions architect recommend?
217A company is migrating a monolithic application to a microservices architecture on AWS. They want to improve deployment frequency and reduce risk. Which TWO strategies should they adopt?
218A company runs a stateful web application on EC2 instances with EBS volumes. They want to improve resilience by distributing the workload across multiple Availability Zones. Which THREE steps should they take?
219A company uses AWS CloudFormation to deploy infrastructure. They need to ensure that updates to a stack do not cause downtime for a critical database. Which TWO strategies should they use?
220A company runs a containerized application on Amazon ECS with Fargate. They want to improve the security of their container images without slowing down the CI/CD pipeline. Which THREE measures should they implement?
221A company runs a customer-facing web application on EC2 instances behind an Application Load Balancer. The application stores session data in an RDS MySQL database. Recently, they have been experiencing increased latency and occasional timeouts during peak hours. The operations team has observed that the RDS instance's CPU utilization is consistently above 80%, and the number of database connections is near the maximum allowed. The application code is not easily modifiable in the short term. The company needs a solution that reduces the load on the database with minimal changes to the application. What should a solutions architect recommend?
222A company uses AWS CodePipeline to deploy a static website to an S3 bucket. The pipeline includes a source stage from GitHub and a deploy stage that syncs the S3 bucket. Recently, the deployment has been failing intermittently with the error 'Access Denied' when the pipeline tries to write to the S3 bucket. The bucket policy allows the pipeline's service role to perform s3:PutObject. The service role has the following IAM policy attached: { 'Effect': 'Allow', 'Action': 's3:PutObject', 'Resource': 'arn:aws:s3:::my-bucket/*' }. What is the MOST likely cause of the failure?
223A company runs a batch processing application on a scheduled EC2 instance that starts every night. The instance processes a large number of files from an S3 bucket and writes results to another S3 bucket. The job takes approximately 6 hours to complete. Recently, the job has been failing after 4 hours with an error indicating that the instance's EBS root volume is full. The instance type is t3.medium with a 20 GB gp2 root volume. The application writes temporary files to the root volume. The company wants to fix this with minimal changes to the application and infrastructure. What should a solutions architect recommend?
224A company runs a high-traffic web application on EC2 instances in an Auto Scaling group. The application uses a Redis cluster for caching. Recently, they have noticed that the cache hit ratio has dropped significantly, causing increased load on the database. The operations team observed that the Redis cluster's CPU utilization is high and memory usage is near capacity. They need to improve the cache performance with minimal changes to the application code. What should a solutions architect recommend?
225A company uses AWS CloudFormation to deploy a stack that includes an Amazon RDS MySQL instance. The stack template defines the DBInstanceClass as db.t3.medium. After deployment, the database performance is insufficient for the workload. The company wants to change the instance class to db.r5.large without recreating the database. What should they do?
226A company runs a web application on AWS Elastic Beanstalk. The application experiences periodic traffic spikes that cause the environment to scale out. However, the scaling is slow, leading to increased latency during spikes. The operations team wants to improve the responsiveness of the Auto Scaling group. The application is stateless and runs on a single instance type. What should a solutions architect recommend?
227A company runs a production AWS environment with Amazon EC2 instances managed by Auto Scaling groups. The operations team notices that after a recent deployment, the application is returning higher error rates. Which TWO steps should the team take to enable a quick rollback and improve future deployments?
228A company has a serverless application using AWS Lambda, Amazon API Gateway, and Amazon DynamoDB. The application experiences occasional timeouts during peak hours. After reviewing AWS X-Ray traces, the team finds that DynamoDB queries are slow. Which THREE actions should the team take to improve performance and continuously optimize the solution?
229A financial services company runs a critical trading application on Amazon EC2 instances behind an Application Load Balancer (ALB) in three Availability Zones. The application uses a MySQL-compatible Amazon RDS for MariaDB database with Multi-AZ deployment. Recently, the operations team noticed that during periods of heavy trading, the database CPU utilization spikes to 100%, causing query timeouts and application errors. The team has already reviewed slow query logs and enabled Performance Insights, but the issue persists. The application is read-heavy with frequent writes. The team needs to reduce database load with minimal changes to the application code. Which solution is the MOST effective and scalable?
230A media company delivers video content to a global audience using Amazon CloudFront, AWS Lambda@Edge, and Amazon S3. The origin is an S3 bucket that stores video files. Recently, users in Asia-Pacific report slow load times. The operations team checks CloudFront metrics and sees a high cache miss rate for content popular in that region. The team wants to improve performance for all users without significantly increasing costs. The application uses a single CloudFront distribution with a default cache behavior. The S3 bucket is in us-east-1. Which solution should the team implement?
231A healthcare company runs a HIPAA-compliant web application on AWS. The application consists of an Application Load Balancer (ALB), a fleet of Amazon EC2 instances in an Auto Scaling group, and an Amazon RDS for PostgreSQL database with Multi-AZ. The security team requires that all data in transit be encrypted using TLS 1.2 or higher. The current setup uses an SSL certificate on the ALB to terminate HTTPS, but traffic between the ALB and EC2 instances is over HTTP. The company wants to enforce end-to-end encryption without changing the application code. Which solution meets these requirements?
232A social media startup uses AWS Lambda functions to process user-uploaded images. The Lambda function resizes images and stores them in Amazon S3. The function uses the S3 SDK to put objects. Recently, the team noticed that the function sometimes fails with 'Timeout' errors for large images. The Lambda function has a timeout of 5 seconds and 256 MB of memory. The team wants to improve the solution to handle larger images reliably and cost-effectively. Which solution should the team implement?
233A startup runs its application on Amazon ECS with Fargate launch type. The application uses an Application Load Balancer to distribute traffic. During a recent marketing campaign, the application experienced high latency and some requests returned 503 errors. The team suspects that the tasks are hitting resource limits. The team wants to automatically scale the tasks based on CPU utilization. Which solution should the team implement?
234A company is experiencing increased latency in their web application running on EC2 instances behind an Application Load Balancer. The application uses an RDS MySQL database. The CloudWatch metrics show elevated CPU utilization on the database instance during peak hours. Which design change would be MOST effective to reduce database load without application code changes?
235A company runs a critical workload on EC2 instances in an Auto Scaling group across three Availability Zones. The application needs to maintain a consistent IP address for outbound traffic to external partners. The current design uses a NAT gateway in each AZ, but partners whitelist a single IP. How can the company provide a fixed outbound IP while maintaining high availability?
236A DevOps engineer is troubleshooting an AWS CodePipeline that fails during the Deploy stage. The pipeline deploys a static website to an S3 bucket. The error message indicates 'Access Denied' when putting objects into the bucket. What is the MOST likely cause?
237A company has a serverless application using AWS Lambda functions that process messages from an Amazon SQS queue. The queue receives a burst of messages daily. The Lambda function sometimes times out, causing messages to return to the queue and be reprocessed. How can the company improve the application to handle the burst without reprocessing failures?
238A company is using Amazon CloudFront to serve content from an S3 origin. The content is updated infrequently. Users in some regions report seeing stale content. The company wants to ensure that users always see the latest version without waiting for TTL expiration. What is the MOST cost-effective solution?
239A company runs a real-time analytics platform on Amazon Kinesis Data Streams with multiple consumers. The stream is provisioned with 10 shards. One consumer is falling behind, causing data latency. The consumer reads data using the Kinesis Client Library (KCL). Which action will improve the consumer's processing throughput?
240A company is using AWS CloudFormation to manage infrastructure. The stack creation fails with the error 'Resource handler returned message: 'User: arn:aws:sts::123456789012:assumed-role/Admin/MySession is not authorized to perform: ec2:RunInstances'. What is the MOST likely cause?
241A company is migrating an on-premises application to AWS. The application requires persistent shared storage that can be accessed by multiple EC2 instances simultaneously with strong consistency. Which AWS storage solution should the company use?
242A company has a web application behind an Application Load Balancer that uses sticky sessions. The application is deployed on EC2 instances in an Auto Scaling group. During a deployment, the team notices that users are experiencing errors after new instances are launched. What is the MOST likely cause?
243A company is using Amazon API Gateway with a Lambda authorizer to authenticate requests. The Lambda authorizer function times out frequently during peak traffic. The company wants to improve authorization performance without changing the authentication logic. Which TWO actions should the company take? (Choose TWO.)
244A company uses AWS Control Tower to manage a multi-account environment. The security team wants to ensure that all accounts conform to a set of baseline rules, including encryption at rest for S3 buckets. Which THREE steps should the team take to implement this control? (Choose THREE.)
245A company is designing a disaster recovery strategy for a critical application running on Amazon RDS for PostgreSQL. The primary database is in us-east-1. The company needs a Recovery Point Objective (RPO) of less than 5 seconds and a Recovery Time Objective (RTO) of less than 1 minute. Which TWO solutions meet these requirements? (Choose TWO.)
246Refer to the exhibit. { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789012:role/Admin" }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*", "Condition": { "StringEquals": { "kms:CallerAccount": "123456789012" } } }, { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789012:role/Admin" }, "Action": [ "kms:Decrypt" ], "Resource": "*" } ] } A solutions architect is reviewing the above KMS key policy. The Admin role cannot decrypt data using the key. What is the MOST likely reason?
247Refer to the exhibit. $ aws ec2 describe-instances --region us-east-1 --filters Name=tag:Name,Values=WebServer --query 'Reservations[].Instances[].{ID:InstanceId,State:State.Name,Type:InstanceType,LaunchTime:LaunchTime}' --output table A DevOps engineer runs the above command. The Auto Scaling group for WebServer instances has a desired count of 3, but the engineer notices that there are 5 instances with the same tag. What is the MOST likely cause?
248A company is using AWS Lambda functions to process data from an S3 bucket. Recently, the function has been timing out. The function has a 5-minute timeout configured. What is the most likely cause of the timeout?
249A DevOps engineer notices that an EC2 instance is running but is not reachable via SSH. The instance was launched with a security group that allows SSH from anywhere (0.0.0.0/0). What is the most likely cause?
250A company is running a stateful web application on EC2 instances behind an ALB. Users report that when they refresh a page, they are logged out. What is the best solution to fix this issue?
251A company uses AWS CloudFormation to deploy infrastructure. A recent deployment failed with a stack update error. The error message indicates that a resource was being updated but was in a failed state. What should the engineer do to resolve this issue?
252A company has an S3 bucket that stores critical data. They need to ensure that all objects are encrypted at rest. The bucket policy currently denies uploads if the x-amz-server-side-encryption header is not set to AES256. However, some objects are still stored with SSE-KMS. How can the company enforce SSE-S3 exclusively?
253A company is using Amazon RDS for MySQL and notices that read replicas are falling behind the primary. The primary instance is experiencing high write traffic. What is the best solution to reduce replica lag?
254A company has a VPC with a public subnet and a private subnet. An EC2 instance in the private subnet needs to download patches from the internet. The instance does not have a public IP. What is the most secure way to provide internet access?
255A developer is deploying a serverless application using AWS SAM. The deployment fails with a 'ResourceNotReady' error. What is the most likely cause?
256A company is using Amazon CloudFront with an S3 origin. They notice that users are receiving outdated content. What configuration change should be made to ensure users always get the latest content?
257Which TWO actions would improve the security of an S3 bucket that contains sensitive data? (Choose two.)
258Which THREE factors should be considered when designing a disaster recovery plan for a multi-tier application using AWS? (Choose three.)
259Which TWO AWS services can be used to monitor and troubleshoot network connectivity issues between EC2 instances? (Choose two.)
260An IAM policy is attached to a user. What is the result when the user tries to upload an object with SSE-KMS encryption?
261An S3 bucket contains log files. An administrator runs the above AWS CLI command. What does the output indicate?
262An IAM policy condition allows launching EC2 instances only if the instance type is t2.micro or t2.small. A developer tries to launch a t2.medium instance. What happens?
263A company runs a web application on EC2 instances behind an Application Load Balancer. Recently, the application has been experiencing intermittent latency spikes. CloudWatch metrics show high CPU utilization on the instances during these spikes, but no corresponding increase in request count. Which action is MOST likely to identify the root cause?
264A company uses AWS Lambda functions to process files uploaded to an S3 bucket. The processing time varies, but some files fail with a timeout error. The function has the default timeout setting. What is the MOST cost-effective way to resolve this issue?
265A company has a multi-account AWS environment using AWS Organizations. The security team needs to ensure that all S3 buckets across all accounts are encrypted with AWS KMS. The team wants to automatically remediate any non-compliant buckets created in the future. Which solution is MOST effective and requires the least ongoing maintenance?
266A company runs a critical application on an Amazon RDS for PostgreSQL DB instance. The database experiences periodic slowdowns. The team notices that the DB instance has a large number of connections in an idle state. What is the BEST way to address this issue?
267A company uses AWS CodePipeline to deploy a microservices application to Amazon ECS. Recently, a deployment failed because the new task definition referenced an ECR image that did not exist. The team wants to prevent this type of failure in the future. Which action should be taken?
268A company stores sensitive data in an S3 bucket. The security team requires that all data be encrypted at rest using server-side encryption with AWS KMS (SSE-KMS). An audit reveals that some objects were uploaded without encryption. What is the MOST efficient way to enforce encryption for all future uploads?
269A company runs a stateless web application on EC2 instances in an Auto Scaling group. The application is deployed across multiple Availability Zones. The team notices that during a recent traffic spike, some instances were terminated and replaced, causing a temporary drop in performance. How can the team improve the resilience of the application?
270A company uses AWS CloudFormation to deploy infrastructure. The team wants to ensure that all resources are tagged with a CostCenter tag. They want to automatically remediate any stack that creates resources without the required tag. Which approach is MOST effective?
271A company is using Amazon API Gateway to expose a REST API. The API backend is a Lambda function that queries an Amazon DynamoDB table. During peak hours, the API returns HTTP 429 (Too Many Requests) errors. What is the MOST cost-effective way to reduce these errors?
272A company uses an Amazon RDS for MySQL DB instance. The database is experiencing high read latency. The team wants to improve read performance with minimal application changes. Which TWO actions should the team take? (Choose two.)
273A company has a fleet of EC2 instances that process data from an SQS queue. The instances are part of an Auto Scaling group. The team notices that the queue depth is growing, but the Auto Scaling group is not scaling out quickly enough. Which THREE actions should the team take to improve the scaling responsiveness? (Choose three.)
274A company uses AWS CloudFormation to manage infrastructure. A recent update to a stack failed, and the stack is now in a ROLLBACK_COMPLETE state. The team needs to investigate the cause and then redeploy the update. Which TWO actions should the team take? (Choose two.)
275A company runs a web application on Amazon ECS with Fargate launch type. The application is behind an Application Load Balancer. During traffic spikes, the application becomes slow. The team suspects that the ECS service is not scaling fast enough. Which THREE actions should the team take to improve the scalability? (Choose three.)
276Refer to the exhibit. An IAM policy is attached to a group. A user in the group tries to stop an EC2 instance with the tag 'Environment=production'. The action fails. What is the MOST likely reason?
277Refer to the exhibit. A company configured an Amazon Route 53 alias record for a domain name pointing to an Application Load Balancer (ALB). Users report that occasionally they are directed to an unhealthy ALB node. Which change should the company make to improve availability?
278A company is using AWS CloudFormation to manage its infrastructure. They have a production stack that creates an Amazon RDS DB instance. The company wants to update the DB instance class to a larger size with minimal downtime. Which approach should they use?
279A company has a production AWS Lambda function that processes data from an Amazon SQS queue. The function often experiences throttling errors. The company wants to implement a solution to reduce throttling and improve processing performance. Which solution meets these requirements?
280A Solutions Architect is reviewing an Amazon S3 bucket policy that grants access to users from another AWS account. The policy uses the Principal element with "AWS": "arn:aws:iam::123456789012:root". The users in the other account are unable to access the bucket. What is the most likely cause?
281A company is running a web application on Amazon EC2 instances behind an Application Load Balancer. The application experiences high latency during peak hours. The company wants to improve performance by enabling HTTP/2. What is the simplest way to achieve this?
282A company uses an AWS CodePipeline to deploy a serverless application. The pipeline includes a build stage that runs on AWS CodeBuild and a deploy stage that updates an AWS Lambda function. The company wants to add a manual approval step before the deploy stage. What is the most efficient way to implement this?
283A company is using Amazon DynamoDB as the primary database for a web application. The application experiences occasional throttling on writes. The company wants to implement a solution that automatically increases write capacity during traffic spikes. Which solution should they use?
284A company has a production Amazon ECS service running on Fargate. The service needs to be updated to use a new task definition with different environment variables. The company wants to perform a rolling update with minimal impact. What is the correct way to update the service?
285A company is using an AWS Direct Connect connection to access its VPC. The company is experiencing intermittent connectivity issues. The Solutions Architect suspects a routing problem. Which AWS service can help diagnose the issue by providing real-time metrics and logs?
286A company has an Amazon S3 bucket that stores sensitive data. The company wants to ensure that all data in the bucket is encrypted at rest. Which action should the Solutions Architect take?
287A company is running a critical application on Amazon EC2 instances in an Auto Scaling group. The application stores data on an Amazon EBS volume. To improve recovery time in the event of an AZ failure, which TWO actions should the company take? (Choose two.)
288A company is using AWS CodePipeline to deploy a web application. The pipeline includes a build stage and a deploy stage. The company wants to add a test stage that runs automated integration tests after the build stage and before the deploy stage. Which THREE actions should the company take? (Choose three.)
289A company is migrating a legacy application to AWS. The application requires a relational database with high availability and automated backups. Which TWO AWS services should the company consider? (Choose two.)
290An IAM policy is attached to an IAM user. The user reports being unable to download objects from the bucket 'example-bucket' when connecting from their office IP address 203.0.113.5. What is the most likely reason?
291A Solutions Architect runs the above AWS CLI command and gets the output shown. The instance is 'running' but the application is not accessible. What should the Solutions Architect check next?
292A CloudFormation stack update failed with the above error. What is the likely cause?
293A company is using AWS Lambda functions to process files uploaded to an S3 bucket. Recently, the processing time has increased significantly. A solutions architect notices that the Lambda functions are using the default VPC configuration. What is the MOST likely cause of the performance degradation?
294A company runs a web application on EC2 instances behind an Application Load Balancer (ALB). The application experiences periodic spikes in traffic. The operations team wants to ensure that the application can handle the spikes without manual intervention. What is the MOST cost-effective solution?
295A company uses AWS Organizations with multiple accounts. The security team wants to enforce that all new S3 buckets are encrypted using AES-256. What is the MOST effective way to enforce this requirement?
296A company runs a critical application on Amazon RDS for PostgreSQL. The database experiences high read traffic. The application is read-heavy and can tolerate eventual consistency for some queries. What is the MOST effective way to improve read performance without significant architectural changes?
297A company has a serverless application using AWS Lambda, API Gateway, and DynamoDB. During a traffic spike, some API requests fail with 5xx errors. The CloudWatch logs show 'ProvisionedThroughputExceededException' for DynamoDB. The team wants to handle this gracefully without losing requests. What should they do?
298A company runs a containerized application on Amazon ECS with Fargate launch type. The application is deployed across multiple Availability Zones. Recently, deployments have been failing because new tasks cannot register with the Application Load Balancer (ALB) target group. The health checks are failing. What is the MOST likely cause?
299A company is using AWS CloudFormation to manage infrastructure. They want to ensure that any changes to a production stack are reviewed and approved before being applied. What is the BEST way to achieve this?
300A company runs a stateful web application on EC2 instances in an Auto Scaling group. The application uses a shared file system mounted on each instance. The company wants to minimize downtime during deployments. What should they use?
The Continuous Improvement for Existing Solutions domain covers the key concepts tested in this area of the SAP-C02 exam blueprint published by Amazon Web Services. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all SAP-C02 domains — no account required.
The Courseiva SAP-C02 question bank contains 300 questions in the Continuous Improvement for Existing Solutions domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Continuous Improvement for Existing Solutions domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included